
Canada’s Chief Electoral Officer wants electronic counting option

The Chief Electoral Officer has made his Recommendations following the 42nd General Election.  Buried in it is recommendation A3, which would in my opinion open the door to unaccountable experimentation with Canada’s (federal) vote-counting system, a system that is currently extremely fast and high-integrity.  In particular it opens the door to introduce electronic counting (vote counting computers).  I don’t know why one would want to fix something that is not broken, and why Canada would want to give the sole authority to make that change to the Chief Electoral Officer (CEO).

Recommendation A3: Subsection 283(3) should be replaced with a general provision that allows the ballot-counting process to proceed according to the CEO’s instructions.

These recommendations are being discussed in closed sessions of the Parliamentary PROC (Procedure and House Affairs Committee).  It is not clear how the public can provide input into the discussions, other than by contacting PROC.

PROC@parl.gc.ca

At the time of this writing, the next closed meeting will be meeting 42, November 24, 2016.  You can find the list of all PROC meetings for the current Parliamentary session at

http://www.parl.gc.ca/Committees/en/PROC/Meetings?parl=42&session=1

Recommendations Report

An Electoral Framework for the 21st Century: Recommendations from the Chief Electoral Officer of Canada Following the 42nd General Election


From Table A—Recommendations Discussed in Chapters 1 and 2

Issues with Vote Counting Computers

The only way to be sure that votes have been counted is to

  1. Vote on paper
  2. Count the paper

If you have very complex counting, with either many positions being voted upon at once, or with an indirect allocation of results based on calculations, then you might choose vote counting computers that scan the paper ballots.  But be aware that you then MUST

  • extensively test vote counting computers before and after the election
  • remove voting computers from service during the live election and test them (in order to test under true voting conditions)
  • conduct risk-limiting audits of the paper ballots
  • keep the computers secure at all times, including between elections
  • keep the computers well-maintained at all times, including between elections

Which is to say, using vote counting computers may be faster for complex elections, but it is definitely not cheaper when done with proper risk management.

It is possible to take a hybrid approach, although no jurisdiction I know of does so.  In a hybrid approach, particularly important votes would be separately hand marked and hand counted (e.g. in the USA it would make sense to separate the Presidential ballot and count from all other vote casting and counting).

Note that in Canada we don’t (yet) have complex elections, meaning there is literally no justification for computer counting of ballots.  You’re introducing greater security risk, along with the need to continuously warehouse, maintain and secure the voting computers.

And note I said voting computers, not some incorrect term like “voting machines” or “electronic counting devices” or “electronic tabulators” or “optical mark-sense scanners”.  These are full-fledged computers with optical scanners attached.  Computers that are vulnerable to all the regular and routine sorts of attacks and errors that happen every day.

Now think about this concept of “efficiency”.  How often does an election take place?  Once every four years?  And how long does it take to do the count?  With a simple ballot, you might save a few minutes on the entire count.  And then what do you do with the computers?

To save a few minutes every four years, you have to spend millions of dollars to warehouse and maintain vote counting computers.  And warehouse them securely, if you care about elections security.  And technology goes obsolete quickly.  So basically you’re paying for computers to sit in warehouses going obsolete, in pursuit of some illusory time and efficiency savings.

Aleksander Essex on Internet Voting in Canada

Aleksander Essex’s submission to the ERRE Special Committee on Electoral Reform is now available:

Some key areas of concern he identifies include:

  • Vote selling and Coercion
  • Phishing
  • Automation bias
  • Denial of Service
  • Client-side malware/spyware
  • Network attacks
  • Server penetration
  • Insider influence
  • State-level actors

He cites the recommendations in the 2015 Utah iVote Advisory Committee Report (PDF), specifically the call for public trials (white hat hacking) of any proposed Internet voting system. Here’s the relevant paragraph from the Utah report:

We recommend that Utah build requirements for an open, public trial for any proposed voting system. The requirements should clearly state the level of integrity and auditability that is required for acceptance along with the overall security and integrity goals for the system. Be aware that even with open, public penetration trials, an Internet voting system would still be subject to malware, phony voter, DDoS, phishing, and insider attacks. So we further recommend that any requirements for an Internet voting system address these concerns specifically and require that vendors satisfy them. In addition, Utah should strongly consider that source code for the entire voting system be made open source so that it can be subjected to review, build, and test by computing professionals not under the influence or supervision of the vendor.

For more about Aleksander Essex see my list of computer science experts:

https://papervotecanada2.wordpress.com/2016/11/19/internet-voting-and-computer-security-expertise/#AleksanderEssex

CSE reports thousands of Canadian federal gov systems compromised yearly

The CSE statement says that of more than 4,500 known federal government computer-system compromises to date in 2016, it can identify only three known instances where data were actually stolen.

From the Globe and Mail: Hackers target Canadian government’s energy and resource departments – by Colin Freeze – November 17, 2016

The article is based on the CSE response to a Parliamentary question.

Specifically, CSE responded in Sessional Paper No. 8530-421-14 to Question Q-525 in the 42nd Parliament, 1st Session.  Unfortunately at this time I am not able to post this paper online.

Sidebar:

You can see the titles of all Written Questions and the information about the responses at Status of House Business – Part III – Written Questions http://www.parl.gc.ca/HousePublications/Publication.aspx?Pub=status&File=12

The specific info for this question is

Q-525² — Mr. Jeneroux (Edmonton Riverbend) — Cyber attacks — Notice — September 30, 2016

Answer tabled (Sessional Paper No. 8530-421-14) — November 16, 2016

Made an Order for Return and answer tabled (Sessional Paper No. 8555-421-525) — November 18, 2016

Sessional papers must currently be requested from the Library of Parliament info@parl.gc.ca

To find the actual text of the question, the only way I know is to go back through the Order Paper and Notice Paper, usually from the day after the notice date.  You can find Q-525 in the October 3, 2016 Questions section:

Q-525² — September 30, 2016 — Mr. Jeneroux (Edmonton Riverbend) — With regard to cyber attacks, broken down by month, and by department, agency, and crown corporation, since January 1, 2016: (a) how many cyber attacks have occurred, either against a department, agency or crown corporation or on one of their servers or networks; (b) how many of the attacks referred to in (a) resulted in government information being stolen; (c) how many of the attacks referred to in (b) resulted in classified government information being stolen; (d) how many of the attacks referred to in (a) resulted in individuals’ personal information being stolen; (e) for each of the attacks referred to in (d), how many individuals’ personal information was stolen; (f) were the individuals from whom information was stolen informed of the theft, and, if so, how were they informed; and (g) for each case where individuals’ information was stolen, was the Privacy Commissioner notified?

The superscript ² means “Response requested within 45 days”.

And no, I don’t know how anyone would know any of this without spending a lot of time on parl.gc.ca plus getting some help.  It is very unintuitive and nothing is linked properly.